Simple internal FTP access in IOS ACLs

insccisco
Level 1

I can't get access to my internal Windows FTP server every time I apply an access list to the outside.

When I take out the ACL, everyone from the internet can access the internal FTP server (which is what we want).

What is the access list (or access lists) I need in order to allow this?

My internal IP is 10.33.33.5 255.255.255.0

It is a Cisco 1841 router running IOS

Thanks in advance

1 Reply

Farrukh Haroon
VIP Alumni

This would depend on the mode used by the clients (ACTIVE or PASV).

For ACTIVE FTP you need to allow both 20 and 21 as the destination ports going to the server. For PASV you need to allow a lot, have a look here (this link is just to see the difference between ACTIVE/PASV):

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807ee585.shtml

And this is the actual link for all configs:

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080100548.shtml#activeftp

Regards

Farrukh
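An inbound ACL covering both modes described in the reply above, as an added example that is not part of the original thread or of the linked Cisco documents. IOS checks an inbound ACL on the outside interface before NAT translates the destination, so the entries match the public address rather than 10.33.33.5. The address 203.0.113.10, the interface name, the ACL name and the passive port range are assumptions.

```cisco
! Constructed example. Assumptions: 203.0.113.10 is a placeholder for the
! public (inside global) address that static NAT maps to 10.33.33.5,
! FastEthernet0/0 is the outside interface, and the FTP server's passive
! data port range has been pinned to 50000-50100 on the server itself.
ip access-list extended OUTSIDE-IN
 remark FTP control channel (needed for both ACTIVE and PASV)
 permit tcp any host 203.0.113.10 eq ftp
 remark ACTIVE: server opens the data connection from port 20, so only
 remark return packets (ACK/RST set) need to come in to port 20
 permit tcp any host 203.0.113.10 eq ftp-data established
 remark PASV: client opens the data connection to a server-chosen port
 permit tcp any host 203.0.113.10 range 50000 50100
 remark everything else inbound is dropped; log it for review
 deny ip any any log
!
interface FastEthernet0/0
 ip access-group OUTSIDE-IN in
```

If the passive range is not pinned on the server, the PASV entry has to become `gt 1023`, which opens every high port on that host to the internet.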
